Nowadays, as information systems become ubiquitous and companies and organizations of all sectors become dependent on their computing resources, the requirement for the availability of the hardware components and software components (applications) of an IT network, and of the services based on them (hereinafter all three are generally referred to as “objects”), is increasing while the complexity of IT networks is growing.
There are network management systems available which enable the availability and performance of objects within an IT network to be monitored and managed. For example, Hewlett-Packard offers such a server-based network monitoring and management tool under the name “OpenView”. The product is available for Windows and Unix operating systems. It comprises a management server, a user interface to operate the server, and several “agents” for different operating-system platforms. An agent is a program or process which runs on a managed node. A personal computer, a network node (in the narrow sense) or any other system with a CPU is called a node. A managed node is a node which is monitored and/or managed by the management system.
In order to allow the users of such a system to react to network problems, the agents implement a feature which enables software tools or applications to be started remotely. For example, if the operator of the system detects a possible problem on a monitored node, he can, via the management server and using the user interface, initiate the start of a software tool on the monitored node which carries out diagnosis, recovery, repair and/or reconfiguration actions.
Often, such a tool must be started under a different user account than the account of the operator. To achieve this, the agent has a built-in “switch user” functionality which allows the operator to change from his account to the user account which is needed. To use this functionality on Windows NT systems, the agent calls a Windows NT application programming interface (API) in a particular way which is not transparent to normal users, e.g. by including a certain code which is generated by the agent software and is independent of the account to which the user switch is to be performed. The call is forwarded to the Windows NT domain controller. A sub-authentication component (a dynamic link library (DLL) component), which extends the standard Windows NT user name and password authentication component on the domain controller, receives that call and verifies that the call has been performed in the correct way, e.g. by checking the code word (the standard Windows NT authentication component is, for example, described in Microsoft Windows 2000 Security Technical Reference, Redmond, 2000, pages 22–23 and 154–155). If the check reveals that the call has been made correctly, it allows the agent to perform the switch user to the requested account. The password of the account is needed neither by the agent nor by the domain controller to perform the user switch. Consequently, the sub-authentication check establishes only that the call originates from the agent and was formed correctly; since the code is the same for every target account, the check does not involve any credential of the account that is switched to.
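The decision path described above, as a constructed model added here for illustration; this is not OpenView code and not the Windows NT sub-authentication API (the real entry point, its structures and the place where the code word travels are not shown on this page and are not reproduced). The names `logon_request`, `dc_authenticate`, `subauth_check`, `standard_check`, the value of `AGENT_CODE` and the sample account table are assumptions. The model shows the property the text states: the sub-authentication component checks only the agent's code, the decision is the same for every existing target account, and no password is consulted on that path, while an ordinary logon without the code still goes through the standard user name and password check.

```c
/* Constructed model of the NT "switch user" authentication path.
 * Added example, not code from OpenView or from the Windows sub-authentication
 * interface. All names, the code value and the account table are assumptions. */
#include <stdio.h>
#include <string.h>

#define LOGON_ALLOWED 1
#define LOGON_DENIED  0

/* Hypothetical code embedded by the agent in its call. As the text states, it
 * is generated by the agent and does not depend on the target account. */
static const char AGENT_CODE[] = "ov-switch-user-7f3a";

/* Constructed sample accounts standing in for the domain account database. */
struct account { const char *name; const char *password; };
static const struct account ACCOUNTS[] = {
    { "operator",      "op-pass" },
    { "svc_admin",     "s3cr3t!" },
    { "Administrator", "hunter2" },
};

/* What reaches the domain controller: target account, optional password,
 * optional agent code. */
struct logon_request {
    const char *user;
    const char *password;   /* NULL when the caller supplies none */
    const char *code;       /* NULL for an ordinary logon */
};

static const struct account *lookup(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(ACCOUNTS[i].name, name) == 0)
            return &ACCOUNTS[i];
    return NULL;
}

/* Sub-authentication component: verifies only that the call was made "in the
 * correct way", i.e. that the agent code is present and matches. It never
 * reads the target account's password. */
static int subauth_check(const struct logon_request *req, int *authoritative)
{
    if (req->code != NULL && strcmp(req->code, AGENT_CODE) == 0) {
        *authoritative = 1;     /* final decision; standard check is skipped */
        return LOGON_ALLOWED;
    }
    *authoritative = 0;         /* not an agent call; fall through */
    return LOGON_DENIED;
}

/* Standard user name and password component. */
static int standard_check(const struct logon_request *req)
{
    const struct account *a = lookup(req->user);
    if (a == NULL || req->password == NULL)
        return LOGON_DENIED;
    return strcmp(a->password, req->password) == 0 ? LOGON_ALLOWED : LOGON_DENIED;
}

/* Domain controller: the extended authentication component gives the
 * sub-authentication DLL the first word. Unknown accounts are rejected
 * up front (assumption: one cannot switch to an account that does not exist). */
int dc_authenticate(const struct logon_request *req)
{
    int authoritative = 0;
    int verdict;
    if (lookup(req->user) == NULL)
        return LOGON_DENIED;
    verdict = subauth_check(req, &authoritative);
    if (authoritative)
        return verdict;
    return standard_check(req);
}

/* The agent's switch-user call: no password, only the code. */
int agent_switch_user(const char *target, const char *code)
{
    struct logon_request req = { target, NULL, code };
    return dc_authenticate(&req);
}

/* An ordinary interactive logon: password, no code. */
int user_logon(const char *user, const char *password)
{
    struct logon_request req = { user, password, NULL };
    return dc_authenticate(&req);
}

int main(void)
{
    printf("agent -> Administrator (code, no password): %d\n",
           agent_switch_user("Administrator", AGENT_CODE));
    printf("agent -> svc_admin with wrong code:          %d\n",
           agent_switch_user("svc_admin", "not-the-code"));
    printf("operator, correct password:                  %d\n",
           user_logon("operator", "op-pass"));
    printf("operator, no password, no code:              %d\n",
           user_logon("operator", NULL));
    return 0;
}
```

Running the model shows that the same code value opens every existing account on the agent path, whereas a request carrying neither a valid code nor a password is refused by the standard component; this is the behaviour the text attributes to the sub-authentication DLL, with nothing about where Windows NT actually carries the code word assumed.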